Rotate AWS Secrets Manager secrets

Rotation is the process of periodically updating a secret. When you rotate a secret, you update the credentials in both the secret and the database or service. In Secrets Manager, you can set up automatic rotation for your secrets. Applications that retrieve the secret from Secrets Manager automatically get the new credentials after rotation.

To turn on automatic rotation, you need administrator permissions. See Secrets Manager administrator permissions.

Topics

Rotation strategies
Automatically rotate an Amazon RDS, Amazon DocumentDB, or Amazon Redshift secret
Automatically rotate another type of secret
Rotate a secret immediately
How rotation works
Network access for the rotation function
Permissions for the Lambda rotation function
Customize a Lambda rotation function for Secrets Manager
Secrets Manager rotation function templates

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Cache secrets to improve performance

Rotation strategies